The Basics of Computer Network Security

Computer network security is the line of defense that stops intruders from accessing your computer or network. Information stored on your computers includes banking details, credit card credentials and communication logs, either chat or email. You can live with someone reading your personal conversations, but not with someone stealing your bank or credit card information. Intruders are discovering new vulnerabilities or loopholes every day. Developers or computer vendors often provide patches that cover up previous loopholes. A "zero-day" attack is an attack that targets a vulnerability for which there is no solution easily available.

Types Of Network Threats
Denial of Service (DoS) - attacks are probably the nastiest and most difficult to address. They are very easy to launch, difficult (sometimes impossible) to track, and it is difficult to refuse the requests of the attacker without also refusing legitimate requests for service. The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make it a simple matter of running a program and telling it which Internet connection to inundate with requests. If the host is able to answer 20 requests per second and the attacker is sending 50 per second, the host is overloaded and legitimate users will be denied access.

Unauthorized Access - is classified by three distinct forms of attacks: Executing Commands Illicitly, Confidentiality Breaches and Destructive Behavior. The goal of these attacks is to gain unauthorized access to some resource on your network. For example, a web server should provide anyone with requested web pages, but should not provide anyone command access.
Executing Commands Illicitly - Very few users need to have command access to systems on the network; this is typically the domain of administrators only. Viruses, Worms and Trojan horses exploit weaknesses in this area.

Destructive Behavior - Among the destructive sorts of break-ins and attacks, there are two major categories: Data Tampering and Data Destruction.

Data Tampering is possibly the most insidious form of a cyber attack. The hacker gains access to your records and alters the content without any awareness on your part. Tampering with accounting figures, patient records, transcripts, etc. usually does not get detected until months or years afterwards. Tracking the problem down is extremely difficult and confidence in all of your records will be in question, so reconciliation is extremely costly.

Data Destruction is the cyber equivalent of a terrorist attack: the destruction of your records, possibly without a clear motive. Hackers who pride themselves on breaking into a network find this the most malicious way to leave their mark.
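The overload described under Denial of Service above, as an added example (not code from the original page): a simulation in which a host that answers 20 requests per second receives 50 per second from one source and 5 per second from a legitimate user, first unprotected and then with a per-source token-bucket limit. The limiter, the 5 and 10 requests-per-second figures and the source names are assumptions; a per-source limit only helps when the flood comes from a small number of addresses.

```python
from collections import defaultdict

HOST_CAPACITY = 20  # requests/second the host can answer (figure from the text)


class TokenBucket:
    """Refills `rate` tokens per second, holding at most `burst` tokens."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate(send_rates, seconds=10, per_source_limit=None):
    """Return {source: requests answered}; send_rates maps source -> req/s."""
    # Constructed traffic: evenly spaced requests from every source.
    events = sorted(
        (i / rate, src)
        for src, rate in send_rates.items()
        for i in range(rate * seconds)
    )
    limiters = defaultdict(lambda: TokenBucket(per_source_limit, per_source_limit))
    host = TokenBucket(HOST_CAPACITY, HOST_CAPACITY)  # the host's own ceiling
    answered = defaultdict(int)
    for now, src in events:
        if per_source_limit is not None and not limiters[src].allow(now):
            continue  # dropped at the edge, never reaches the host
        if host.allow(now):  # answered only while the host has capacity
            answered[src] += 1
    return dict(answered)


if __name__ == "__main__":
    rates = {"attacker": 50, "legit": 5}  # hypothetical source names
    print("no limit:      ", simulate(rates))
    print("10 req/s limit:", simulate(rates, per_source_limit=10))
```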
How can I secure my network?

Security management for networks is different for all kinds of situations. A small home or an office would only require basic security, while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.
· Use a strong password. Any administrative account on a shared computer, including the Toolkit administrator account, should have a strong password. Avoid practices such as using a common dictionary word, basing a password on your name, or using a common password such as password or letmein. Also avoid using a blank password for the Toolkit administrator account. A strong password is:
· Long. Passwords should be at least eight characters long, and longer is better. For the Toolkit administrator password, consider using a password that is at least 15 characters long for enhanced password security.
· Complex. Passwords should use a combination of lower-case and upper-case letters, numbers, and symbols (for example, ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . / or a space character).
· Use a passphrase instead of a password. In Windows XP, you can use a passphrase instead of a password. Passphrases can be long, complex, and easy to remember. Just make sure that you still use the same strong password rules mentioned previously. An example of a passphrase is "I taught my 3 old dogs 6 new tricks!"
· Change the password regularly. Change passwords regularly and make them different from previous passwords. Just adding a number to the end of your regular password is not different enough. You should change administrative passwords quarterly, if not more frequently.
· Audit physical network security. Make sure no unidentified computers or devices are attached to your network or can be easily attached to your network. Packet sniffers and rogue servers can be used to penetrate your network, compromising your computers and your data.
· Keep computers visible. If the shared computers are intended for public access, make sure that you can see what users are doing. Although it is usually inappropriate to look over a user's shoulder during a session, you should at least be able to see whether the user is trying to open the computer case.
· Lock computers. Use locks on computer cases to ensure that users cannot open them. This prevents users from being able to open the case to add or remove components, or install monitoring devices. Use locks to keep computers and other devices attached to their tables or desks. Use an optical mouse so that users cannot take the mouse ball. Also, if you provide headphones to users, secure the headphone cable to the computer case to help prevent theft or vandalism.
· Perform regular inspections. After a user finishes using a computer, inspect the computer and peripherals for any signs of tampering. Some monitoring devices attach to a parallel port, USB port, or inline with a keyboard cable.
· Mark computers. Consider using an etching tool to mark the inside of computer cases with information that identifies the computer and your organization. Also record the model and serial numbers of computers and peripherals.
· Update the BIOS. Ensure that your shared computer is running the latest BIOS version available from the manufacturer of the computer before you install Windows XP.
· Password protect the BIOS configuration. This protection requires that a user enter a valid password to access the computer's BIOS setup screens.
· Prevent startup from removable media. In the BIOS setup screens, disable the options that allow the computer to start from a CD-ROM, floppy disk, or removable USB drive. This will help ensure that users cannot start the computer with an alternate operating system and make changes to the computer.
· Use startup passwords if available. On some computers, the BIOS offers the ability to password protect starting of the computer from certain drives (most BIOS refer to this as a boot password). For example, you might be able to require a password for someone to start the computer using the floppy drive, CD-ROM drive, or even the hard drive. If you do not want to disable starting from removable devices, consider using a startup password. If a user can start using their own disk, they can usually circumvent any security measures you have in place.
· Use a perimeter firewall. Perimeter firewalls protect an entire network, blocking all traffic that isn't explicitly allowed between the Internet and a local network. Firewalls can also hide the addresses of the computers behind your firewall, making individual computers on a local network invisible to the outside. A perimeter firewall might be a piece of hardware that you plug into your network or a program like Microsoft Internet Security and Acceleration (ISA) Server.
· Use a local firewall. A local firewall is a program that you install on a computer to block unsolicited traffic coming into (and sometimes going out of) that computer. Windows XP with Service Pack 2 (SP2) comes with a local firewall called Windows Firewall that is enabled by default when you install SP2.
· Install reputable antivirus software. Antivirus software scans the contents of incoming e-mail messages, downloads, and files already on your computer, to detect virus signatures. If the software finds a virus, the software deletes or quarantines it.
· Update the antivirus software regularly. Because hundreds of viruses are released each month, antivirus software must be updated regularly with the latest signature definitions and scanners so that the software can catch the latest viruses. If you use Windows Disk Protection, you can use a script to download and install updates to antivirus software and save those changes to disk automatically as part of the critical updates process.
· Install reputable antispyware software. Antispyware software regularly scans the shared computer for spyware that has been installed. Some antispyware software has components that run in the background to help detect spyware before it is installed or makes changes to the computer.
· Consider installing Web-filtering software. Many companies offer products that filter Internet use based on a variety of criteria. Typically, these services are much more robust than the built-in Content Advisor in Internet Explorer.
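
The strong-password rules from the list above, as an added example (not part of the original page or of the Toolkit): a checker that reports which rules a candidate password breaks. The function name, its parameters and the two-entry deny-list are assumptions; the 8 and 15 character minimums, the symbol set and the sample passphrase come from the text.

```python
import string

# Deny-list limited to the two examples the text names; extend it in real use.
COMMON_PASSWORDS = {"password", "letmein"}
# Symbol set as listed in the text, including the space character.
SYMBOLS = set("`~!@#$%^&*()_+-={}|[]\\:\";'<>?,./ ")


def check_password(candidate, *, admin=False, account_name="", previous=()):
    """Return the list of broken rules; an empty list means the password passes."""
    if not candidate:
        return ["blank password"]
    problems = []
    min_len = 15 if admin else 8  # 15 is the text's suggestion for admin accounts
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "lower-case letter": any(c.islower() for c in candidate),
        "upper-case letter": any(c.isupper() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(c in SYMBOLS for c in candidate),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Strip trailing digits so "password1" is treated like "password".
    core = candidate.lower().rstrip(string.digits)
    if candidate.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    if account_name and account_name.lower() in candidate.lower():
        problems.append("based on the account name")
    # "Just adding a number to the end" of an old password is not a real change.
    if any(core == old.lower().rstrip(string.digits) for old in previous):
        problems.append("only differs from a previous password by a trailing number")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the passphrase is the example given in the text.
    for pw in ("letmein", "password1", "I taught my 3 old dogs 6 new tricks!"):
        print(repr(pw), "->", check_password(pw, admin=True) or "ok")
```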